HP-UX 11i v3 Installation and Update Guide, September 2008 (Update 3 Release)
Table 3-4 Additional Sec20MngDMZ Install-time Security Settings [1]

Category                Actions
----------------------  ------------------------------------------------------
inetd Services          Includes all disabled inetd services in Table 3-3 and:
                        • Deactivate ftp
                        • Deactivate telnet
                        • Restrict syslog daemon to local connections
IPFilter                • Block incoming DNS query connections
Configuration [2]       • Block incoming HIDS administration connections [3,4]
                        • Configure IPFilter to allow outbound traffic, block
                          incoming traffic with IP options set, and all other
                          traffic except for HP-UX Secure Shell, HIDS agent,
                          WBEM, web admin and web admin autostart [5], ICMP echo.

[1] Applies all security configuration settings in Table 3-3
[2] Additional IPFilter rules may be applied via a custom rules file located at /etc/opt/sec_mgmt/bastille/ipf.customrules
[3] HP-UX Host IDS is a selectable software bundle and only available for commercial servers
[4] Settings applied only if software is installed
[5] Manual action may be required to complete configuration. Refer to /var/opt/sec_mgmt/bastille/TODO.txt for more information, after install or update.

Table 3-5 Additional Sec30DMZ Install-time Security Settings [1]

Category                Actions
----------------------  ------------------------------------------------------
IPFilter                Includes all IPFilter settings in Table 3-4 and:
Configuration [2]       • Block incoming HIDS agent connections [3,4]
                        • Block incoming WBEM connections [5]
                        • Block incoming web admin connections
                        • Block incoming web admin autostart connections
                        • Block all traffic except HP-UX Secure Shell
                        • Block ICMP echo

[1] Applies all security configuration settings in Table 3-3 and Table 3-4
[2] Additional IPFilter rules may be applied via a custom rules file located at /etc/opt/sec_mgmt/bastille/ipf.customrules
[3] Settings applied only if software is installed
[4] HP-UX Host IDS is a selectable software bundle and only available for commercial servers
[5] WBEM is required for several HP management applications including HP Systems Insight Manager and Partition Manager

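Because additional rules can be supplied through /etc/opt/sec_mgmt/bastille/ipf.customrules, it is worth checking that a rules file does not admit inbound traffic beyond what Table 3-5 intends. The script below is an added example, not part of this guide or of Bastille; it assumes Secure Shell listens on TCP port 22, uses a constructed sample ruleset, and performs a simple token check on IPFilter rule lines.

```sh
#!/bin/sh
# Added example (not from the HP guide or Bastille): flag inbound "pass" rules
# that go beyond the Sec30DMZ intent of allowing only HP-UX Secure Shell.
# Assumption: Secure Shell listens on TCP port 22.

# Reads IPFilter rules on stdin, prints "<line>: <rule>" for each inbound pass
# rule that is not TCP to destination port 22. Returns 1 if any were printed.
audit_inbound_pass() {
    awk '
        { sub(/[#].*/, "") }                    # drop comments
        $1 == "pass" && $2 == "in" {
            tcp = 0; dst = 0; ssh = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "proto" && $(i+1) == "tcp") tcp = 1
                if ($i == "to") dst = 1         # tokens after "to" describe the destination
                if (dst && $i == "port" && $(i+1) == "=" && $(i+2) == "22") ssh = 1
            }
            if (!(tcp && ssh)) { print NR ": " $0; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample ruleset for the demonstration; not Bastille output.
sample_rules() {
    cat <<'EOF'
# constructed sample
block in quick all with ipopts
pass out quick proto tcp from any to any keep state
pass in quick proto tcp from any to any port = 22 flags S keep state
pass in quick proto tcp from any to any port = 5989 keep state
pass in quick proto icmp from any to any icmp-type echo keep state
block in all
EOF
}

# Demo: lines 5 and 6 of the sample are reported.
sample_rules | audit_inbound_pass || echo "inbound rules exceed the Secure Shell-only policy"
```

To audit a real file, redirect it into the function, for example `audit_inbound_pass < /etc/opt/sec_mgmt/bastille/ipf.customrules`.
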
Online Diagnostics
The diagnostics software, which is installed with HP-UX 11i v3, consists of two product
bundles:
• OnlineDiag
• SysFaultMgmt
44 Choosing an Installation Method